Report: Wartime Hacking Is Spilling Into The Financial Sector

Russia’s war with Ukraine has triggered a surge in ideologically motivated hacktivism that persists to this day, posing by far the most significant impact on the cyber threat landscape for financial services, according to a report by the Financial Services Information Sharing and Analysis Center.

In its annual global intelligence threat report, FS-ISAC reported that the financial industry’s cyber threats have gotten worse in the shadow of the war as both sides have unleashed hacktivist groups who have carried out distributed denial of service (DDoS) attacks, website takeovers, and other activities, with many targeting financial institutions in countries whose governments are at odds with Moscow and President Vladimir Putin. 

Many of these attacks are relatively low impact, but they underscore how the internet has helped to transform modern geopolitical conflicts into a participatory exercise for hackers around the world with strong political sympathies.  

“Financial firms in countries that Russia considers hostile have been singled out for attacks and called out by name as targets on Telegram and other hacktivist forums,” the report noted. “While the attacks have yet to cause significant impact, they are notable in their ability to temporarily disrupt major businesses and governments while also garnering media interest.”  

FS-ISAC expects to see more hacktivist attacks for ideological reasons carried out this year as other conflicts heat up. Besides the Russia-Ukraine conflict, the intensified relationship between China and Taiwan and Iran’s ideologically driven attacks on the Western financial sector could also drive an increase in cyber and reputational risk to financial institutions caught in the crosshairs.  

FS-ISAC also warned that nation-state threat actors are likely to continue the cyberattacks if the Russia-Ukraine war persist. Citing data from Ukraine’s Computer Emergency Readiness Team, the report covers Russian government launched cyberattacks against over 2,000 Ukrainian groups, including those in the financial, commercial, and telecommunications sectors.  

The report also highlights how other major cyber threats, like ransomware, are evolving into more sophisticated forms. Ransomware-as-a-service (RaaS) growth offers ransomware gangs “a better business model than ever,” and continues to pose a significant threat to financial organizations, despite a reported decline in ransomware payments.  

Teresa Walsh, FS-ISAC’s global head of intelligence, told SC Media there are multiple drivers behind the drop in payments, but also general agreement that it’s not because ransomware is slowing down.

“Ransomware payments have decreased due to a combination of factors, including regulatory and law enforcement pressure, sanctions, and changes to cyber insurance policies. However, almost all security vendors agree that ransomware attacks are getting worse, spurring the growth of other monetization avenues besides direct payment, such as selling exfiltrated data on the dark web,” said Walsh.

Cryptocurrency, a dominant form of ransomware payments, should be closely monitored, especially as it is expected to become more integrated into financial infrastructure this year, Walsh added.  

FS-ISAC’s chief executive officer Steven Silberstein said that the best tool for financial institutions to defend against elevated cyber risks is intelligence sharing and collaboration across the global industry. “Cyber threats often evolve faster than the tools we use to combat them, but our strength is in our community,” said Silberstein.  

Last week, FS-ISAC announced the partnership with Google for its Critical Provider Program, a major step to forging deeper relationships between financial services institutions and critical network infrastructure and security providers. 

READ MORE HERE